1. Data Controller
- Company: Astronomiko
- Registered address: [Business Address], [City, Country, ZIP]
- Contact: legal@astronomiko.com
2. What Personal Data We Collect
2.1 Account Data
- First name and last name
- Email address
2.2 Profile Data
- Location or country
- Profile photo (managed via Clerk authentication)
2.3 Transaction Data
- Credit purchase history
- Booking history
- Payout records (for Providers)
2.4 Usage Data
- Page visits and feature interactions
- Session logs
2.5 Communication Records
- Support messages
- Dispute correspondence
2.6 Technical Data
- IP address
- Browser type and version
- Device information
3. How We Use Your Data
3.1 Purpose and Legal Basis
- Providing the platform service — Art. 6(1)(b) GDPR (contract performance)
- Processing payments via Stripe — Art. 6(1)(b) GDPR (contract performance)
- Sending transactional emails via Resend — Art. 6(1)(b) GDPR (contract performance)
- Fraud prevention and platform security — Art. 6(1)(f) GDPR (legitimate interest)
- Legal compliance and tax records — Art. 6(1)(c) GDPR (legal obligation)
- Service improvement and analytics — Art. 6(1)(f) GDPR (legitimate interest)
4. Third-Party Data Processors
- Clerk (authentication): processes name, email, and OAuth data
- Stripe (payments): processes payment method and identity data for KYC verification
- Backblaze B2 (file storage): stores astronomical image files uploaded during bookings
- Resend (email): processes email address for transactional delivery
- Vercel (hosting): processes request logs as part of infrastructure
- Supabase (database): stores all structured user, booking, and transaction data
5. Data Retention
- Account data: retained for the lifetime of the account, deleted within 30 days of account deletion
- Transaction and booking records: 10 years (legal/tax requirement)
- Astronomical image files: deleted from storage within 90 days of booking completion (unless disputed)
- Support communications: 3 years
- Analytics data: 26 months
6. Your Rights Under GDPR
6.1 Rights Overview
- Right of access (Art. 15): request a copy of the personal data we hold about you
- Right to rectification (Art. 16): request correction of inaccurate or incomplete data
- Right to erasure (Art. 17): request deletion of your data, subject to legal retention requirements
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format
- Right to restriction (Art. 18): request that we limit how we use your data
- Right to object (Art. 21): object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, you may withdraw at any time
- Right to lodge a complaint: with your national data protection supervisory authority
6.2 Exercising Your Rights
To exercise any of the above rights, please contact us at legal@astronomiko.com. We will respond within 30 days.
8. International Data Transfers
- Some of our third-party processors are based outside the EU/EEA (e.g., Vercel, Backblaze B2, Resend). Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
9. Data Security
- All connections to Astronomiko are encrypted using HTTPS/TLS
- Database access is restricted to authorized service accounts
- Payment data is never stored on our servers — it is handled entirely by Stripe
- File storage uses private buckets with short-lived presigned URLs for access
10. Changes to This Policy
- We may update this Privacy Policy from time to time. Material changes will be communicated to users via email at least 30 days before taking effect.
- The "Last Updated" date at the top of this page always reflects the most recent version.
11. Contact Information
- Data requests: legal@astronomiko.com
- Support: support@astronomiko.com
- Mailing address: Astronomiko, [Business Address], [City, Country, ZIP]
Last Updated: January 29, 2026